Cryptographic Testing

FIPS 140-3 Testing

Consult our experts. We are happy to support you.

FIPS 140-3 – short for the U.S. Federal Information Processing Standard 140-3 – are security requirements for cryptographic modules related to the secure design and implementation of cryptographic modules that provide protection for sensitive or valuable data.

We also offer legacy updates for cryptographic modules previously certified under FIPS 140-2 until September 2026.

What atsec offers:

atsec US provides the following cryptographic module testing services:

  • Training for FIPS 140-3 and validation process
  • Assessment of your cryptographic module test readiness
  • Support for the production of the security policy, finite state mode, and user documentation
  • Conformance testing of cryptographic modules, resulting in a certificate issued by the National Institute of Standards and Technology (NIST) and the Canadian Center of Cyber Security (CCCS) Cryptographic Module Validation Program (CMVP)

Why our services are important to you:

If you plan to sell a product that includes a cryptographic module to a U.S. Federal Government agency that uses cryptographic-based security systems to protect sensitive data in computer or telecommunication systems, FIPS 140-3 certification of that product is mandatory. In addition, FIPS 140-3 certification of cryptographic modules is increasingly valued in other industry sectors (for example, banking) in which the protection of sensitive data by cryptographic-based solutions is critical. atsec is ready to partner with you to help you understand the requirements of the standard, assess your product’s readiness for FIPS 140-3 validation, and perform the conformance testing that will earn certification of your cryptographic product.

FIPS 140-2 and FIPS 140-3 certificates earned through atsec testing:

Vendor / Product Sec. level / Type Number / Date
Red Hat®, Inc.
Red Hat Enterprise Linux 9 – OpenSSL FIPS Provider
1
Software
4857
2024-10-29
Canonical Ltd.
Canonical Ltd. Ubuntu 22.04 GnuTLS Cryptographic Module
1
Software
4855
2024-10-28
Apple Inc.
Apple corecrypto Module v12.0 [Apple silicon, Kernel, Software, SL1]
1
Software
4854
2024-10-28
Red Hat®, Inc.
Red Hat Enterprise Linux 9 gnutls
1
Software
4846
2024-10-21
Cloudlinux Inc., TuxCare division
OpenSSL FIPS Provider for AlmaLinux 9
1
Software
4823
2024-10-07
SUSE, LLC
SUSE Linux Enterprise Libica Cryptographic Module
1
Software-Hybrid
4822
2024-10-07
Apple Inc.
Apple corecrypto Module v12.0 [Apple silicon, User, Software, SL1]
1
Software
4817
2024-10-01
HP Inc.
HP Endpoint Security Controller Cryptographic Library
1
Hardware
4814
2024-09-25
Qualcomm Technologies, Inc.
Qualcomm® Trusted Execution Environment (TEE) Software Cryptographic Library
1
Software-Hybrid
4809
2024-09-23
Red Hat®, Inc.
Red Hat Enterprise Linux 8 Kernel Cryptographic API
1
Software
4804
2024-09-19

Introduction to the
CMVP and CAVP

Watch our Introduction to the Cryptographic Module Validation Program and the Cryptographic Algorithm Validation Program video, which will provide you with a head start on understanding the certification process.

Still have questions?

Can’t find what you’re looking for? Let’s talk!

Cryptographic Algorithm Testing

Testing that cryptographic algorithms are implemented correctly is a prerequisite for FIPS 140-3 cryptographic module testing and NIAP Common Criteria evaluations.

Entropy Source Assessment

Documented conformance, where applicable, to the SP 800-90B is required by the CMVP for all FIPS 140-3 module validation submissions.

Common Criteria Evaluation

The Common Criteria (CC), also known as ISO 15408, is an internationally recognized standard used to specify and assess the security of IT products.

The Information Security Provider

Read Our Latest Blog Articles

Learn the latest and greatest about information security. You’ll find insights and analyses of recent developments in technology and policy on our blog.